Commit Graph

60 Commits

Author SHA1 Message Date
fanquake
ae6e0ada9b
Merge bitcoin/bitcoin#29725: depends: build libqrencode with CMake
007ea322a6492d46f1565ef58a0c49f5b468ff20 depends: switch to building libqrencode with CMake (fanquake)
884330c0a57ce839d48606dc2de3928869b31b7d guix: make cmake-minimal a global requirement (fanquake)

Pull request description:

  Switch to building libqrencode with CMake. Note that upstream (https://github.com/fukuchi/libqrencode) hasn't seen any activity for ~4 years, so the odds of getting anything upstream seems low, but I've made two minor changes to the source here, which I will PR in any case.

  From an initial look I couldn't find any significant difference between the Autotools and CMake produced libs. As part of this change we move cmake-minimal in Guix into the global package set.

ACKs for top commit:
  TheCharlatan:
    ACK 007ea322a6492d46f1565ef58a0c49f5b468ff20

Tree-SHA512: c784f790ddea958082c8ae96d3744bdf99331a8799765f9d44f00861b8e2cfcab1a88a3d64af5b10e51a8d5938d55eb6a3d271790b565e50492a39d00dc0e30f
2024-09-29 10:54:41 +03:00
Andrew Chow
3e693ddfb5
Merge bitcoin/bitcoin#25788: guix: patch NSIS to remove .reloc sections from installer stubs
7a0b129c41d9fefdbc20d6d04983dd87bb8379e7 guix: patch NSIS to remove .reloc sections from install stubs (fanquake)

Pull request description:

  With the release of binutils/ld 2.36, ld swapped to much improved
  default settings when producing windows binaries with mingw-w64. One of
  these changes was to stop stripping the .reloc section from binaries,
  which is required for working ASLR.

  When we switched to using a newer Guix time-machine in #23778, we begun
  using binutils 2.37 to produce releases. Since then, our windows
  installer (produced with makensis) has not functioned correctly when run on
  a Windows system with the "Force randomization for images (Mandatory ASLR)"
  option enabled. Note that all of our other release binaries, which all
  contain .reloc sections, function fine under the same option, so it
  cannot be just the presence of a .reloc section that is the issue.

  The root cause of the problem is that when we compile NSIS (makensis), a number
  of exe installer stubs are produced at the same time, for use later when makensis
  is actually run. Given the new linker defaults, the stubs will contain .reloc sections,
  when previously they would not. It seems that, in combination with how makensis
  mutates the stub when it actually builds the installer, causes the problem.

  According to upstream, https://sourceforge.net/p/nsis/bugs/1131/#abb6:
  > Looks like the problem is the very existance of the .reloc section.
  > It's not supposed to be there, and makensis doesn't handle it.

  The most recent .reloc related upstream activity is in
  https://sourceforge.net/p/nsis/bugs/1283/, where the conclusion again seemed to
  be that .relo sections are not wanted, but there hasn't been any further follow up.

  For now, restore pre-binutils-2.36 behaviour, by passing `-Wl,--disable-reloc-section`
  to the linker when building the installer stubs, which fixes the produced installer.
  The underlying issue can be further investigated in future.

  .reloc section stripping is something we've accounted for previously,
  see #18702, and related upstream discussion is in this thread:
  https://sourceware.org/bugzilla/show_bug.cgi?id=19011.

  Fixes #25726.

  Guix Build (x86_64):
  ```bash
  7e0723388913ac1ec9f650b943c6b23351ba0cd921c0ec830abf16b16724d503  guix-build-7a0b129c41d9/output/dist-archive/bitcoin-7a0b129c41d9.tar.gz
  c3bb9c68895ffafa2900b0d18c1268e299d012a7dc70593f20f9900cf116eb05  guix-build-7a0b129c41d9/output/x86_64-w64-mingw32/SHA256SUMS.part
  b57aa99c242b0aae64653c64ada38f6d3f0cbd902bbc096d3dc529fdcf87d681  guix-build-7a0b129c41d9/output/x86_64-w64-mingw32/bitcoin-7a0b129c41d9-win64-debug.zip
  341d99afc9961299883be6cd9666e8bc0f3f6296cff758719a32d27419acad36  guix-build-7a0b129c41d9/output/x86_64-w64-mingw32/bitcoin-7a0b129c41d9-win64-setup-unsigned.exe
  1d9ef48d3c9ed93a925962356b41cdaeb9d09fd758de193cd4d5f4d1ec6791eb  guix-build-7a0b129c41d9/output/x86_64-w64-mingw32/bitcoin-7a0b129c41d9-win64-unsigned.tar.gz
  28c81d99a9a4bd6648449393f91db213369e958add579ba9e9a1721540d2c4f7  guix-build-7a0b129c41d9/output/x86_64-w64-mingw32/bitcoin-7a0b129c41d9-win64.zip
  ```

  Guix Build (arm64):
  ```bash
  7e0723388913ac1ec9f650b943c6b23351ba0cd921c0ec830abf16b16724d503  guix-build-7a0b129c41d9/output/dist-archive/bitcoin-7a0b129c41d9.tar.gz
  c3bb9c68895ffafa2900b0d18c1268e299d012a7dc70593f20f9900cf116eb05  guix-build-7a0b129c41d9/output/x86_64-w64-mingw32/SHA256SUMS.part
  b57aa99c242b0aae64653c64ada38f6d3f0cbd902bbc096d3dc529fdcf87d681  guix-build-7a0b129c41d9/output/x86_64-w64-mingw32/bitcoin-7a0b129c41d9-win64-debug.zip
  341d99afc9961299883be6cd9666e8bc0f3f6296cff758719a32d27419acad36  guix-build-7a0b129c41d9/output/x86_64-w64-mingw32/bitcoin-7a0b129c41d9-win64-setup-unsigned.exe
  1d9ef48d3c9ed93a925962356b41cdaeb9d09fd758de193cd4d5f4d1ec6791eb  guix-build-7a0b129c41d9/output/x86_64-w64-mingw32/bitcoin-7a0b129c41d9-win64-unsigned.tar.gz
  28c81d99a9a4bd6648449393f91db213369e958add579ba9e9a1721540d2c4f7  guix-build-7a0b129c41d9/output/x86_64-w64-mingw32/bitcoin-7a0b129c41d9-win64.zip
  ```

ACKs for top commit:
  achow101:
    ACK 7a0b129c41d9fefdbc20d6d04983dd87bb8379e7
  hebasto:
    ACK 7a0b129c41d9fefdbc20d6d04983dd87bb8379e7
  jarolrod:
    ACK 7a0b129c41d9fefdbc20d6d04983dd87bb8379e7

Tree-SHA512: 9e14e98207d20236b833603319fc4bb335c878a7c179ab495b33d143e2a900c6926125536bbb7499ee4f0f676cd5ea45c8c86cd7e544ed9a76bb298f98db6197
2024-02-29 09:34:59 -06:00
fanquake
30f6c4985b
Merge bitcoin/bitcoin#27326: guix: combine and document enable_werror
4becee396f3bda40832138dd1aaa90368ed31857 guix: combine and document enable_werror (fanquake)

Pull request description:

  Combine into `hardened-glibc`.
  Document why we don't use `--disable-werror` directly.

  https://www.gnu.org/software/libc/manual/html_node/Configuring-and-compiling.html
  > By default, the GNU C Library is built with -Werror. If you wish
  > to build without this option (for example, if building with a
  > newer version of GCC than this version of the GNU C Library was
  > tested with, so new warnings cause the build with -Werror to fail),
  > you can configure with --disable-werror.

ACKs for top commit:
  hebasto:
    ACK 4becee396f3bda40832138dd1aaa90368ed31857, the diff is correct.
  TheCharlatan:
    ACK 4becee396f3bda40832138dd1aaa90368ed31857

Tree-SHA512: 8724415f51b4d72d40c4e797faf52c93a81147fb629332b9388ffd7f113f2b16db3b7496bf3063dd978ac629fd5bde3ec7df4f1ff1ed714cb56f316a9334d119
2024-02-07 10:14:45 -06:00
fanquake
12afe0c995
Merge bitcoin/bitcoin#27153: guix: pass --enable-initfini-array to release GCC
127c637cf0a80e0ea68a7c5aaa088e5ccc9d3d13 guix: pass --enable-initfini-array to release GCC (fanquake)

Pull request description:

  This returns us to pre-Guix behaviour, where the compilers we were using to build releases, were configured with this option.

  > [--enable-initfini-array](https://gcc.gnu.org/install/configure.html)
  > Force the use of sections .init_array and .fini_array (instead of .init and .fini) for constructors and destructors. Option --disable-initfini-array has the opposite effect. If neither option is specified, the configure script will try to guess whether the .init_array and .fini_array sections are supported and, if they are, use them.

ACKs for top commit:
  TheCharlatan:
    ACK 127c637cf0a80e0ea68a7c5aaa088e5ccc9d3d13
  vincenzopalazzo:
    utACK 127c637cf0

Tree-SHA512: fa61227054d52d4dfb4524af3888203a501f680661bdef00bb0970d4e8f7c96cf7f592686c4795be5a0debca267b8e564a4960859297c31f6b261c0729238382
2024-02-07 10:14:45 -06:00
fanquake
7fdc7fb9d6
Merge bitcoin/bitcoin#26047: guix: use git-minimal over git
0cd7928133eb8a605979c6338bbcbcb116cfa669 guix: use git-minimal over git (fanquake)

Pull request description:

  From the [git-minimal package definition](https://git.savannah.gnu.org/cgit/guix.git/tree/gnu/packages/version-control.scm?id=998eda3067c7d21e0d9bb3310d2f5a14b8f1c681#n597):
  > The size of the closure of 'git-minimal' is two thirds that of 'git'.
  > Its test suite runs slightly faster and most importantly it doesn't
  > depend on packages that are expensive to build such as Subversion.

  We don't need any git functionality above the basics, so switch to `git-minimal` and save CPU when building the package, while also pruning the greater dependency graph (see `dependencies:` below). Note that git-minimal also lists `riscv64-linux` as a supported system, where `git` does not.

  ```diff
  -name: git
  +name: git-minimal
   version: 2.37.3
   outputs:
  -+ send-email: see Appendix H
  -+ svn: see Appendix H
  -+ credential-netrc: see Appendix H
  -+ credential-libsecret: see Appendix H
  -+ subtree: see Appendix H
  -+ gui: see Appendix H
   + out: everything else
  -systems: x86_64-linux mips64el-linux aarch64-linux powerpc64le-linux i686-linux armhf-linux powerpc-linux
  -dependencies: asciidoc@9.1.0 bash-minimal@5.1.8 bash@5.1.8 curl@7.79.1 docbook-xsl@1.79.2 expat@2.4.1 gettext-minimal@0.21 glib@2.70.2 libsecret@0.20.4 openssl@1.1.1l pcre2@10.37 perl-authen-sasl@2.16 perl-cgi@4.52
  -+ perl-io-socket-ssl@2.068 perl-net-smtp-ssl@1.04 perl-term-readkey@2.38 perl@5.34.0 pkg-config@0.29.2 python@3.9.9 subversion@1.14.1 tcl@8.6.11 tk@8.6.11.1 xmlto@0.0.28 zlib@1.2.11
  -location: gnu/packages/version-control.scm:222:2
  +systems: x86_64-linux mips64el-linux aarch64-linux powerpc64le-linux riscv64-linux i686-linux armhf-linux powerpc-linux
  +dependencies: bash-minimal@5.1.8 bash@5.1.8 curl@7.79.1 expat@2.4.1 gettext-minimal@0.21 openssl@1.1.1l perl@5.34.0 zlib@1.2.11
  +location: gnu/packages/version-control.scm:608:2
   homepage: https://git-scm.com/
   license: GPL 2
   synopsis: Distributed version control system
  ```

  Guix Build (x86_64):
  ```bash
  da4adca0304f19833893867418c8827e0213c58a1b605753355340a5f270754a  guix-build-0cd7928133eb/output/aarch64-linux-gnu/SHA256SUMS.part
  38c2b5f8e560018911ed776660fcd2aa8b6061a59af26118f06e23c9a335e80c  guix-build-0cd7928133eb/output/aarch64-linux-gnu/bitcoin-0cd7928133eb-aarch64-linux-gnu-debug.tar.gz
  de117782318d6e0ed55efaae7b2f11d033fe05e7a72fbda3ef7bbcbc758add69  guix-build-0cd7928133eb/output/aarch64-linux-gnu/bitcoin-0cd7928133eb-aarch64-linux-gnu.tar.gz
  6ae8ebfac28c43488b9aa386b9a87937789a57e54dc1d77a9c7b95323a417abc  guix-build-0cd7928133eb/output/arm-linux-gnueabihf/SHA256SUMS.part
  97f5d9d14eeb4b2926304c142fa6c46b7126524b8f836655704f5643b58b9436  guix-build-0cd7928133eb/output/arm-linux-gnueabihf/bitcoin-0cd7928133eb-arm-linux-gnueabihf-debug.tar.gz
  37815ea73941cf0a870e5ac4aafe9249a63ed1eeaa37440de23c2d9bf2b77be8  guix-build-0cd7928133eb/output/arm-linux-gnueabihf/bitcoin-0cd7928133eb-arm-linux-gnueabihf.tar.gz
  64cd484fa48968dc7063c4f501e1ff62d1ba46ae9975bfa060a3c88e2a98d232  guix-build-0cd7928133eb/output/arm64-apple-darwin/SHA256SUMS.part
  4e7e0daaf0ac1b5ed5a7e5ee8085e5e6446c48e70161f78938acd0e916c55729  guix-build-0cd7928133eb/output/arm64-apple-darwin/bitcoin-0cd7928133eb-arm64-apple-darwin-unsigned.dmg
  0f2b534d16482e536552c7b3de605bd71997b898755fe5a9ac39b36aea2698b6  guix-build-0cd7928133eb/output/arm64-apple-darwin/bitcoin-0cd7928133eb-arm64-apple-darwin-unsigned.tar.gz
  03cd1f509c60919c2ad1503d2f98be444c9770b62c4d303cb4cbdc1100ce131d  guix-build-0cd7928133eb/output/arm64-apple-darwin/bitcoin-0cd7928133eb-arm64-apple-darwin.tar.gz
  1e28183c1c314921a8404b72283bb861dff28061310c18535618683b097e7e61  guix-build-0cd7928133eb/output/dist-archive/bitcoin-0cd7928133eb.tar.gz
  0f6459568d0369528ad35622d5378feccdac319eed618418841c22cc137cbd05  guix-build-0cd7928133eb/output/powerpc64-linux-gnu/SHA256SUMS.part
  1cf0c8a48add60082c381935630b59a0bd483a7eda97f04b72dcb05143135109  guix-build-0cd7928133eb/output/powerpc64-linux-gnu/bitcoin-0cd7928133eb-powerpc64-linux-gnu-debug.tar.gz
  5332f148efa1579b077747c8c7d6c763d31804d4ac454abaf34a3e2374c9b6b2  guix-build-0cd7928133eb/output/powerpc64-linux-gnu/bitcoin-0cd7928133eb-powerpc64-linux-gnu.tar.gz
  5fc03945c2ab86ba43395ccf32cf4b338dcceb446e106c0f6e660dac47224183  guix-build-0cd7928133eb/output/powerpc64le-linux-gnu/SHA256SUMS.part
  5cfabdb27dc8fb7de402c558e5f962ac4fdaf2c344d201f27f7ed1370a550407  guix-build-0cd7928133eb/output/powerpc64le-linux-gnu/bitcoin-0cd7928133eb-powerpc64le-linux-gnu-debug.tar.gz
  ba265df6803d472434ecb3ad44983965a5eca1ccd42fea64760309ff70d17ee5  guix-build-0cd7928133eb/output/powerpc64le-linux-gnu/bitcoin-0cd7928133eb-powerpc64le-linux-gnu.tar.gz
  ff40a374f215eb3010291569b8ed1958054e408469fc8b2fe97a30cca0ad5451  guix-build-0cd7928133eb/output/riscv64-linux-gnu/SHA256SUMS.part
  7b7b89ac1905d58f1e96a7840c018a556c472015a44442d0742bf758cb5f67ca  guix-build-0cd7928133eb/output/riscv64-linux-gnu/bitcoin-0cd7928133eb-riscv64-linux-gnu-debug.tar.gz
  10431bd8ffca82dd9c59f568272a1e7473cf474996f750d9bed4b576591fcff1  guix-build-0cd7928133eb/output/riscv64-linux-gnu/bitcoin-0cd7928133eb-riscv64-linux-gnu.tar.gz
  4ef532d8dbe42900146a5b3e02de2a6a59d66b3c66a4b9d919d3aeb0e9637ab1  guix-build-0cd7928133eb/output/x86_64-apple-darwin/SHA256SUMS.part
  77a1abe4139c19d227309216e29cf55dae06c4469412b457c9f0e8cf1eccc25c  guix-build-0cd7928133eb/output/x86_64-apple-darwin/bitcoin-0cd7928133eb-x86_64-apple-darwin-unsigned.dmg
  33028b640efab25648d0ec1abe9e91abc983706623ca9e2e7ac5fbfca0970909  guix-build-0cd7928133eb/output/x86_64-apple-darwin/bitcoin-0cd7928133eb-x86_64-apple-darwin-unsigned.tar.gz
  e10d2d5617b8b1a33a622d5904d2bd8eaf57a5b3605e22ef916a57105db2311e  guix-build-0cd7928133eb/output/x86_64-apple-darwin/bitcoin-0cd7928133eb-x86_64-apple-darwin.tar.gz
  bf65d3574afed2e017c9625d38cc31e0f2cbb7f1e8a9ce346644ea3dbb938d13  guix-build-0cd7928133eb/output/x86_64-linux-gnu/SHA256SUMS.part
  ce3810e70c97b2698822e4f46fa64dfa12353f7b54400e671b64868e3e4d3472  guix-build-0cd7928133eb/output/x86_64-linux-gnu/bitcoin-0cd7928133eb-x86_64-linux-gnu-debug.tar.gz
  4055370c15b199d1efef47cc262d9c43a3652dcd237a9434197ca3be4931b1d2  guix-build-0cd7928133eb/output/x86_64-linux-gnu/bitcoin-0cd7928133eb-x86_64-linux-gnu.tar.gz
  e59ed970d1db5d4839fa67957945628f6919ef5491f4a595f89ed3d8c81f1a76  guix-build-0cd7928133eb/output/x86_64-w64-mingw32/SHA256SUMS.part
  19c443fab5cb2fe75c9a5ad51fc022c97e31d7d69e049a889bd06f740f8daf78  guix-build-0cd7928133eb/output/x86_64-w64-mingw32/bitcoin-0cd7928133eb-win64-debug.zip
  88f6ca5d299080114532ec550c59eca4a3cdb759d9ea35cb14eba0b135e72436  guix-build-0cd7928133eb/output/x86_64-w64-mingw32/bitcoin-0cd7928133eb-win64-setup-unsigned.exe
  bcdb0b7467d3e47a694e51e9bfbaab9d5dc7162efe6c6bf4c303d368272c0cc6  guix-build-0cd7928133eb/output/x86_64-w64-mingw32/bitcoin-0cd7928133eb-win64-unsigned.tar.gz
  db1d4bbfab53405080d3abd09d1f05b2642ed513f6d8fcb5d92b9d0b32745293  guix-build-0cd7928133eb/output/x86_64-w64-mingw32/bitcoin-0cd7928133eb-win64.zip
  ```

  Guix Build (arm64):
  ```bash
  da4adca0304f19833893867418c8827e0213c58a1b605753355340a5f270754a  guix-build-0cd7928133eb/output/aarch64-linux-gnu/SHA256SUMS.part
  38c2b5f8e560018911ed776660fcd2aa8b6061a59af26118f06e23c9a335e80c  guix-build-0cd7928133eb/output/aarch64-linux-gnu/bitcoin-0cd7928133eb-aarch64-linux-gnu-debug.tar.gz
  de117782318d6e0ed55efaae7b2f11d033fe05e7a72fbda3ef7bbcbc758add69  guix-build-0cd7928133eb/output/aarch64-linux-gnu/bitcoin-0cd7928133eb-aarch64-linux-gnu.tar.gz
  6ae8ebfac28c43488b9aa386b9a87937789a57e54dc1d77a9c7b95323a417abc  guix-build-0cd7928133eb/output/arm-linux-gnueabihf/SHA256SUMS.part
  97f5d9d14eeb4b2926304c142fa6c46b7126524b8f836655704f5643b58b9436  guix-build-0cd7928133eb/output/arm-linux-gnueabihf/bitcoin-0cd7928133eb-arm-linux-gnueabihf-debug.tar.gz
  37815ea73941cf0a870e5ac4aafe9249a63ed1eeaa37440de23c2d9bf2b77be8  guix-build-0cd7928133eb/output/arm-linux-gnueabihf/bitcoin-0cd7928133eb-arm-linux-gnueabihf.tar.gz
  64cd484fa48968dc7063c4f501e1ff62d1ba46ae9975bfa060a3c88e2a98d232  guix-build-0cd7928133eb/output/arm64-apple-darwin/SHA256SUMS.part
  4e7e0daaf0ac1b5ed5a7e5ee8085e5e6446c48e70161f78938acd0e916c55729  guix-build-0cd7928133eb/output/arm64-apple-darwin/bitcoin-0cd7928133eb-arm64-apple-darwin-unsigned.dmg
  0f2b534d16482e536552c7b3de605bd71997b898755fe5a9ac39b36aea2698b6  guix-build-0cd7928133eb/output/arm64-apple-darwin/bitcoin-0cd7928133eb-arm64-apple-darwin-unsigned.tar.gz
  03cd1f509c60919c2ad1503d2f98be444c9770b62c4d303cb4cbdc1100ce131d  guix-build-0cd7928133eb/output/arm64-apple-darwin/bitcoin-0cd7928133eb-arm64-apple-darwin.tar.gz
  1e28183c1c314921a8404b72283bb861dff28061310c18535618683b097e7e61  guix-build-0cd7928133eb/output/dist-archive/bitcoin-0cd7928133eb.tar.gz
  0f6459568d0369528ad35622d5378feccdac319eed618418841c22cc137cbd05  guix-build-0cd7928133eb/output/powerpc64-linux-gnu/SHA256SUMS.part
  1cf0c8a48add60082c381935630b59a0bd483a7eda97f04b72dcb05143135109  guix-build-0cd7928133eb/output/powerpc64-linux-gnu/bitcoin-0cd7928133eb-powerpc64-linux-gnu-debug.tar.gz
  5332f148efa1579b077747c8c7d6c763d31804d4ac454abaf34a3e2374c9b6b2  guix-build-0cd7928133eb/output/powerpc64-linux-gnu/bitcoin-0cd7928133eb-powerpc64-linux-gnu.tar.gz
  5fc03945c2ab86ba43395ccf32cf4b338dcceb446e106c0f6e660dac47224183  guix-build-0cd7928133eb/output/powerpc64le-linux-gnu/SHA256SUMS.part
  5cfabdb27dc8fb7de402c558e5f962ac4fdaf2c344d201f27f7ed1370a550407  guix-build-0cd7928133eb/output/powerpc64le-linux-gnu/bitcoin-0cd7928133eb-powerpc64le-linux-gnu-debug.tar.gz
  ba265df6803d472434ecb3ad44983965a5eca1ccd42fea64760309ff70d17ee5  guix-build-0cd7928133eb/output/powerpc64le-linux-gnu/bitcoin-0cd7928133eb-powerpc64le-linux-gnu.tar.gz
  ff40a374f215eb3010291569b8ed1958054e408469fc8b2fe97a30cca0ad5451  guix-build-0cd7928133eb/output/riscv64-linux-gnu/SHA256SUMS.part
  7b7b89ac1905d58f1e96a7840c018a556c472015a44442d0742bf758cb5f67ca  guix-build-0cd7928133eb/output/riscv64-linux-gnu/bitcoin-0cd7928133eb-riscv64-linux-gnu-debug.tar.gz
  10431bd8ffca82dd9c59f568272a1e7473cf474996f750d9bed4b576591fcff1  guix-build-0cd7928133eb/output/riscv64-linux-gnu/bitcoin-0cd7928133eb-riscv64-linux-gnu.tar.gz
  4ef532d8dbe42900146a5b3e02de2a6a59d66b3c66a4b9d919d3aeb0e9637ab1  guix-build-0cd7928133eb/output/x86_64-apple-darwin/SHA256SUMS.part
  77a1abe4139c19d227309216e29cf55dae06c4469412b457c9f0e8cf1eccc25c  guix-build-0cd7928133eb/output/x86_64-apple-darwin/bitcoin-0cd7928133eb-x86_64-apple-darwin-unsigned.dmg
  33028b640efab25648d0ec1abe9e91abc983706623ca9e2e7ac5fbfca0970909  guix-build-0cd7928133eb/output/x86_64-apple-darwin/bitcoin-0cd7928133eb-x86_64-apple-darwin-unsigned.tar.gz
  e10d2d5617b8b1a33a622d5904d2bd8eaf57a5b3605e22ef916a57105db2311e  guix-build-0cd7928133eb/output/x86_64-apple-darwin/bitcoin-0cd7928133eb-x86_64-apple-darwin.tar.gz
  bf65d3574afed2e017c9625d38cc31e0f2cbb7f1e8a9ce346644ea3dbb938d13  guix-build-0cd7928133eb/output/x86_64-linux-gnu/SHA256SUMS.part
  ce3810e70c97b2698822e4f46fa64dfa12353f7b54400e671b64868e3e4d3472  guix-build-0cd7928133eb/output/x86_64-linux-gnu/bitcoin-0cd7928133eb-x86_64-linux-gnu-debug.tar.gz
  4055370c15b199d1efef47cc262d9c43a3652dcd237a9434197ca3be4931b1d2  guix-build-0cd7928133eb/output/x86_64-linux-gnu/bitcoin-0cd7928133eb-x86_64-linux-gnu.tar.gz
  e59ed970d1db5d4839fa67957945628f6919ef5491f4a595f89ed3d8c81f1a76  guix-build-0cd7928133eb/output/x86_64-w64-mingw32/SHA256SUMS.part
  19c443fab5cb2fe75c9a5ad51fc022c97e31d7d69e049a889bd06f740f8daf78  guix-build-0cd7928133eb/output/x86_64-w64-mingw32/bitcoin-0cd7928133eb-win64-debug.zip
  88f6ca5d299080114532ec550c59eca4a3cdb759d9ea35cb14eba0b135e72436  guix-build-0cd7928133eb/output/x86_64-w64-mingw32/bitcoin-0cd7928133eb-win64-setup-unsigned.exe
  bcdb0b7467d3e47a694e51e9bfbaab9d5dc7162efe6c6bf4c303d368272c0cc6  guix-build-0cd7928133eb/output/x86_64-w64-mingw32/bitcoin-0cd7928133eb-win64-unsigned.tar.gz
  db1d4bbfab53405080d3abd09d1f05b2642ed513f6d8fcb5d92b9d0b32745293  guix-build-0cd7928133eb/output/x86_64-w64-mingw32/bitcoin-0cd7928133eb-win64.zip
  ```

ACKs for top commit:
  hebasto:
    ACK 0cd7928133eb8a605979c6338bbcbcb116cfa669, I have reviewed the code and it looks OK. I have also checked out the usage of the `git-minimal` in the `git-download` Guix module which is being used. Did not compare actual build dependences while building from scratch.
  jarolrod:
    ACK 0cd7928133eb8a605979c6338bbcbcb116cfa669

Tree-SHA512: f949c4d2f9560f98b8a418a981da38bbb9cfee5d0814bea6bb676b7193f3cbddafd23a92f852ee59c6a68c9c282095e6368cb65c5f2352b2ab54f9692575349c
2024-02-07 10:14:44 -06:00
fanquake
22e7845cf2
Merge bitcoin/bitcoin#25508: guix: use elfesteem 2eb1e5384ff7a220fd1afacd4a0170acff54fe56
103c0d9f7e084c94ba7d83a44e784ab0b4a6d8e4 guix: use elfesteem 2eb1e5384ff7a220fd1afacd4a0170acff54fe56 (fanquake)

Pull request description:

  Our patch has been merged upstream, see https://github.com/LRGH/elfesteem/pull/3.

  Guix Build (x86_64):
  ```bash
  3deb66d386587e7ce29b92528170081d9e74443ddf50d07b72aacaee31c11641  guix-build-103c0d9f7e08/output/aarch64-linux-gnu/SHA256SUMS.part
  5f53a059ccf07181fa1154dc6ab741a9beda663a48d123d2aa4256ca7d38497a  guix-build-103c0d9f7e08/output/aarch64-linux-gnu/bitcoin-103c0d9f7e08-aarch64-linux-gnu-debug.tar.gz
  20cdb705439ff54822f7c3cad12254b46f8ff93aae58f1716253f39bd734eaf1  guix-build-103c0d9f7e08/output/aarch64-linux-gnu/bitcoin-103c0d9f7e08-aarch64-linux-gnu.tar.gz
  ae51fb2ef8e76326bde4693f778444a5c21df1feba42b161e667c5f069aae967  guix-build-103c0d9f7e08/output/arm-linux-gnueabihf/SHA256SUMS.part
  0ffeaa089582871a578069c0251bf51823624274c23c2fd65f04d2a3e50f3296  guix-build-103c0d9f7e08/output/arm-linux-gnueabihf/bitcoin-103c0d9f7e08-arm-linux-gnueabihf-debug.tar.gz
  71f3da47678d8169414ef0072271604fa550e84ce86979706b3b289a1521a119  guix-build-103c0d9f7e08/output/arm-linux-gnueabihf/bitcoin-103c0d9f7e08-arm-linux-gnueabihf.tar.gz
  f5d13de726f7705e946a2b3a63d182d8c7e70e3adc9a92552676898e9819db27  guix-build-103c0d9f7e08/output/arm64-apple-darwin/SHA256SUMS.part
  e411e8f0cc3ab18981ccb65768a6af1622748c14b6e0513401179bcd0df519a7  guix-build-103c0d9f7e08/output/arm64-apple-darwin/bitcoin-103c0d9f7e08-arm64-apple-darwin-unsigned.dmg
  d7e9aa52f9b0a0249445e926753978d6845bab0c02639d162879b921f237b8ce  guix-build-103c0d9f7e08/output/arm64-apple-darwin/bitcoin-103c0d9f7e08-arm64-apple-darwin-unsigned.tar.gz
  cefde91f0b75a27e945f190194dbe0dab5653a6bcc91b18bec34d952aebd72d7  guix-build-103c0d9f7e08/output/arm64-apple-darwin/bitcoin-103c0d9f7e08-arm64-apple-darwin.tar.gz
  0b399fd5f7a85974ab25933575a0173c814d4ab578d16ab13896bb51e408b92f  guix-build-103c0d9f7e08/output/dist-archive/bitcoin-103c0d9f7e08.tar.gz
  22d6a771d2eab73ab328c8b472160333dd52c6f734761f466c79251a37bd1895  guix-build-103c0d9f7e08/output/powerpc64-linux-gnu/SHA256SUMS.part
  a6e598b022683e0858be8bd4a6d75bc15f2fbc7632c45f8b03c7a8dff367343a  guix-build-103c0d9f7e08/output/powerpc64-linux-gnu/bitcoin-103c0d9f7e08-powerpc64-linux-gnu-debug.tar.gz
  04ea54706ac47f8880ae0fcddabb0f4fe899a0bacf52d0d936dbbc1149e14e10  guix-build-103c0d9f7e08/output/powerpc64-linux-gnu/bitcoin-103c0d9f7e08-powerpc64-linux-gnu.tar.gz
  059a7018ce96e141c258d516b85c3ee95f02b61dc2db4931fa14993b2bd945e3  guix-build-103c0d9f7e08/output/powerpc64le-linux-gnu/SHA256SUMS.part
  aacaa0e4827808ed189152c6f1a4e0d9300b89136a7dc064fd045f700ee06084  guix-build-103c0d9f7e08/output/powerpc64le-linux-gnu/bitcoin-103c0d9f7e08-powerpc64le-linux-gnu-debug.tar.gz
  4041f8de495b4633df0e28d75ab6cfd0bfe7ec9292384ce4d3331383d06da310  guix-build-103c0d9f7e08/output/powerpc64le-linux-gnu/bitcoin-103c0d9f7e08-powerpc64le-linux-gnu.tar.gz
  1586a47797a803cab03a9ebcd207eb395e1651c443e9192ac2b144b85e014762  guix-build-103c0d9f7e08/output/riscv64-linux-gnu/SHA256SUMS.part
  74f088bca4e7c0d44e6b7161ee4c835b38bc9291c78f37e53d3ede2da98d52c0  guix-build-103c0d9f7e08/output/riscv64-linux-gnu/bitcoin-103c0d9f7e08-riscv64-linux-gnu-debug.tar.gz
  12cfe35b28de03f2355d6fb5ed9393001d3b5a06b12a2792cb863ca4ae61db17  guix-build-103c0d9f7e08/output/riscv64-linux-gnu/bitcoin-103c0d9f7e08-riscv64-linux-gnu.tar.gz
  b021e117d1e92ad105234661468efeab98246db79d51267a766399776999bafe  guix-build-103c0d9f7e08/output/x86_64-apple-darwin/SHA256SUMS.part
  0a6c9d00f9ea2d67ca58c867258bb1b595a3141d5f199ffb047f7235bb2863a6  guix-build-103c0d9f7e08/output/x86_64-apple-darwin/bitcoin-103c0d9f7e08-x86_64-apple-darwin-unsigned.dmg
  a7df5f759e792e4fae46ab7ddca5db8cff8973aa33d7d99c4bfbf7c04c2d3013  guix-build-103c0d9f7e08/output/x86_64-apple-darwin/bitcoin-103c0d9f7e08-x86_64-apple-darwin-unsigned.tar.gz
  801ec4f81af5f184cc0e0fcf650f4e5822d895a4202c35575f46e1c63498b1aa  guix-build-103c0d9f7e08/output/x86_64-apple-darwin/bitcoin-103c0d9f7e08-x86_64-apple-darwin.tar.gz
  813e9c9c6e0ce430d2096963dbffeb141f239d67b334e44b3fd1f1bc9246758d  guix-build-103c0d9f7e08/output/x86_64-linux-gnu/SHA256SUMS.part
  43e7afc360267fea8e1620e0c2ea40c45af07debbd646abf9fe631465c2e2c47  guix-build-103c0d9f7e08/output/x86_64-linux-gnu/bitcoin-103c0d9f7e08-x86_64-linux-gnu-debug.tar.gz
  0c5fc4b3c5bf4a53f1f9710cd738d5c0bbe6a2f0dc45e91f92065ae766b63635  guix-build-103c0d9f7e08/output/x86_64-linux-gnu/bitcoin-103c0d9f7e08-x86_64-linux-gnu.tar.gz
  08c031137c2c472a944f3220cf3812a8ec1dd70da9b0f264361ba16badb65b9f  guix-build-103c0d9f7e08/output/x86_64-w64-mingw32/SHA256SUMS.part
  4bbdc405075001b61e7cc48974e4b987c887a861add6db419fb51eccd914fbb0  guix-build-103c0d9f7e08/output/x86_64-w64-mingw32/bitcoin-103c0d9f7e08-win64-debug.zip
  8de95b683500300a787dd1d0d74580e9d6ab448f00f4c32e58ad830b763f2755  guix-build-103c0d9f7e08/output/x86_64-w64-mingw32/bitcoin-103c0d9f7e08-win64-setup-unsigned.exe
  36202c352d1f3b238daa00126f7ad369e53a510a32bb2585d69f967ef02aff48  guix-build-103c0d9f7e08/output/x86_64-w64-mingw32/bitcoin-103c0d9f7e08-win64-unsigned.tar.gz
  6255922a31502a23ea323095dec2d176bca22977222936fc7857a55ac001f6e9  guix-build-103c0d9f7e08/output/x86_64-w64-mingw32/bitcoin-103c0d9f7e08-win64.zip
  ```

ACKs for top commit:
  hebasto:
    ACK 103c0d9f7e084c94ba7d83a44e784ab0b4a6d8e4, I have reviewed the code and it looks OK.

Tree-SHA512: 421956999d2daedbce2e94a13dffa20b2dafb36ca5ffa094d8dca79eb5e60ec91bfade59cd24da548b45aec00f688d570e61a3567ea8075c25d198ac7fc4efff
2024-02-07 10:14:44 -06:00
Kittywhiskers Van Gogh
3d97c4b6a2 merge bitcoin#26057: Get rid of perl dependency 2023-08-08 06:05:02 -05:00
Kittywhiskers Van Gogh
a7cb99b184 build: use glibc 2.28 for all Linux builds 2023-08-01 12:07:31 -05:00
Kittywhiskers Van Gogh
04d77f72e9 merge bitcoin#27029: consolidate to glibc 2.27 for Linux builds 2023-08-01 12:07:31 -05:00
Kittywhiskers Van Gogh
0a7b8bda4f merge bitcoin#25357: drop -z,noexecstack for PPC64 2023-06-29 12:31:03 -05:00
Kittywhiskers Van Gogh
6243a71267 merge bitcoin#25389: use libtool 2.4.7 2023-06-29 12:31:03 -05:00
Kittywhiskers Van Gogh
66e1541808 merge bitcoin#21851: support cross-compiling for arm64-apple-darwin 2023-06-29 12:31:03 -05:00
Kittywhiskers Van Gogh
205aa83eaa merge bitcoin#25484: enable toolchain hardening by default 2023-06-29 12:31:03 -05:00
Kittywhiskers Van Gogh
fc6252bedc merge bitcoin#25437: remove explicit glibc stack protector disabling 2023-06-29 12:31:03 -05:00
Kittywhiskers Van Gogh
a8129266eb merge bitcoin#25639: Drop repetition of option's default value 2023-06-29 12:31:03 -05:00
Kittywhiskers Van Gogh
6169e200c3 merge bitcoin#24508: Drop unneeded openssl dependency for signapple 2023-06-29 12:31:03 -05:00
Kittywhiskers Van Gogh
51675eef1d merge bitcoin#25558: Make windows cross architecture reproducible 2023-06-18 11:47:54 -05:00
Kittywhiskers Van Gogh
cc1fcb0f44 merge bitcoin#25490: more cross arch reproducibility (x86_64 -> arm64) 2023-06-18 11:47:54 -05:00
Kittywhiskers Van Gogh
fe4b87cabb merge bitcoin#25076: native GCC 10 toolchain for Linux builds 2023-06-18 11:47:54 -05:00
Kittywhiskers Van Gogh
4a36086368 merge bitcoin#25006: consolidate kernel headers to 5.15, specify 3.2.0 as minimum supported 2023-06-18 11:47:54 -05:00
Kittywhiskers Van Gogh
808367dd7c merge bitcoin#24842: fix GCC 10.3.0 + mingw-w64 setjmp/longjmp issues 2023-06-18 11:47:54 -05:00
Kittywhiskers Van Gogh
edf48e4c38 merge bitcoin#24736: fix vmov alignment issues with gcc 10.3.0 & mingw-w64 2023-06-18 11:47:54 -05:00
Kittywhiskers Van Gogh
17103b90f9 merge bitcoin#25779: ignore additional failing certvalidator test 2023-06-18 11:47:54 -05:00
Kittywhiskers Van Gogh
cc9f59d0fb merge bitcoin#24573: Update signapple for platform identifier fix 2023-06-18 11:47:54 -05:00
Kittywhiskers Van Gogh
817eb46170 merge bitcoin#24506: Include arch in codesignature tarball 2023-06-18 11:47:54 -05:00
Kittywhiskers Van Gogh
7900670bbe merge bitcoin#24503: use the latest version of signapple 2023-06-18 11:47:54 -05:00
Kittywhiskers Van Gogh
7110c364fa merge bitcoin#24599: remove mingw-w64 std::filesystem workaround 2023-06-18 11:47:54 -05:00
Kittywhiskers Van Gogh
f739811061 merge bitcoin#24348: Fix Guix build for Windows 2023-06-18 11:47:54 -05:00
Kittywhiskers Van Gogh
569188e0b0 merge bitcoin#24495: only use native GCC 7 toolchain for Linux builds 2023-06-18 11:47:54 -05:00
Kittywhiskers Van Gogh
1158ebb2e6 merge bitcoin#23778: Guix 1.4.0 & GCC 10.3 2023-06-18 11:47:54 -05:00
Kittywhiskers Van Gogh
b1dd417f26 merge bitcoin#23909: use a static .tiff for macOS .dmg over generating 2023-06-18 11:47:54 -05:00
Andrew Chow
8f5ffef6b4 Merge bitcoin/bitcoin#27172: guix: switch to some minimal versions of packages in our manifest
2c9eb4afe1f583aafa552b2711b149f17ef8320f guix: use cmake-minimal over cmake (fanquake)
1475515312856afe3f19a95f2c32bc80c7c54484 guix: use coreutils-minimal over coreutils (fanquake)
444562141504ff7f0bb071d6e7bf7f511517e372 guix: use bash-minimal over bash (fanquake)

Pull request description:

  Minimal versions of the same packages, that should still be sufficient for our use:

  > (define-public bash-minimal
    ;; A stripped-down Bash for non-interactive use.

  > (define-public coreutils-minimal
    ;; Coreutils without its optional dependencies.

  > ;;; This minimal variant of CMake does not include the documentation.  It is
  ;;; used by the cmake-build-system.
  (define-public cmake-minimal

ACKs for top commit:
  TheCharlatan:
    ACK 2c9eb4afe1f5
  Sjors:
    tACK 2c9eb4afe1f583aafa552b2711b149f17ef8320f
  achow101:
    ACK 2c9eb4afe1f583aafa552b2711b149f17ef8320f
  hebasto:
    ACK 2c9eb4afe1f583aafa552b2711b149f17ef8320f,

Tree-SHA512: f91ca9e088b8346b20c2affc80870c31640de3aedcfcc0fb98a5e82c77ef64537870b88552f26759d31d8d0956b1fd685e6c25d5acbc92f5feaececd1a7dd37e
2023-06-10 17:40:23 -05:00
fanquake
14e18f8501 Merge bitcoin/bitcoin#27361: guix: use python-minimal (3.9)
d0e571ebb187d7c4c2821f1334cb2dd4222dd8ce guix: use python-minimal (3.9) (fanquake)

Pull request description:

  This further minifies the Guix release build environment.

ACKs for top commit:
  TheCharlatan:
    ACK d0e571ebb187
  hebasto:
    ACK d0e571ebb187d7c4c2821f1334cb2dd4222dd8ce

Tree-SHA512: 0a8aa9ae861107f106c3b9c41f78ffbaf0e71e3c61f6d96e5c82415b4570b8ac85d6578d37cd0df0ec315c1c9f35fc90b281f139271ccfd15a1495ba76166789
2023-06-10 17:40:23 -05:00
Kittywhiskers Van Gogh
ecb9ff8062 merge bitcoin#25458: parallelize LIEF build 2023-06-07 14:42:02 +05:30
Kittywhiskers Van Gogh
e91a62be3c merge bitcoin#24561: use LIEF 0.12.0 2023-06-07 14:42:02 +05:30
Kittywhiskers Van Gogh
24a6642b6f partial bitcoin#22381: Test security-check sanity before performing them (with macOS)
excludes:
- d6ef3543ae16847d5a91fa9271acee9bd2164b32
2023-06-07 14:42:02 +05:30
Kittywhiskers Van Gogh
ef65f610bb merge bitcoin#21871: add checks for minimum required OS versions 2023-06-07 14:42:02 +05:30
Kittywhiskers Van Gogh
ef9300ad63 merge bitcoin#21664: use LIEF for macOS and Windows symbol & security checks 2023-06-07 14:42:02 +05:30
fanquake
e4a6ea6032 Merge bitcoin/bitcoin#25861: guix: use --build={arch}-guix-linux-gnu in cross toolchain
56e79fe683d36c1944e52326fae3bcc4cb7deec7 guix: use --build={arch}-guix-linux-gnu in cross toolchain (fanquake)

Pull request description:

  Technically we are always cross-compiling when Guix building, so make that explicit. `{arch}-guix-linux-gnu` is not a triplet that should be used in any other capacity, but here it serves the purpose of ensuring, that by setting `--build` to something other than `--host/--target`, we are always cross-compiling (in the eyes of autoconf etc) when building our cross toolchains. It looks like `x86_64-linux-gnu` on `x86_64-linux-gnu` currently works because of the triplet canonicalisation, i.e `x86_64-linux-gnu` becomes `x86_64-pc-linux-gnu`, and GCCs configure thinking it's cross-compiling, whereas the same canonicalisation doesn't happen for `aarch64-linux-gnu` so we don't get a cross-compile when building on aarch64.

  Fixes: #22458.

  Guix Build (x86_64):
  ```bash
  e590e67d2b151e7d079f50393c61cacf9e65f5e3fdddc10bffd5dbb59cd9f5e3  guix-build-56e79fe683d3/output/aarch64-linux-gnu/SHA256SUMS.part
  9222a733209dc73168722ee0f290831d1723f7ed55abc1e243dd3892ef9733f1  guix-build-56e79fe683d3/output/aarch64-linux-gnu/bitcoin-56e79fe683d3-aarch64-linux-gnu-debug.tar.gz
  a4ec01411195412e9a483397554d98b2db161a6be8aceee2dac78f0015f2a8e5  guix-build-56e79fe683d3/output/aarch64-linux-gnu/bitcoin-56e79fe683d3-aarch64-linux-gnu.tar.gz
  a4ff8f2538c1b3a63a3e7c92699c18164b2c4954ebd72c4a854bf7844e6131b6  guix-build-56e79fe683d3/output/arm-linux-gnueabihf/SHA256SUMS.part
  ac6e4dffcf6f49dac73d3677f3fe5edb08ee1127648bc7ec24b217f48a3a4d21  guix-build-56e79fe683d3/output/arm-linux-gnueabihf/bitcoin-56e79fe683d3-arm-linux-gnueabihf-debug.tar.gz
  ab26467fce9732596b1713179618eee20c2bd44875dc1c39f9afd68f135e8ce4  guix-build-56e79fe683d3/output/arm-linux-gnueabihf/bitcoin-56e79fe683d3-arm-linux-gnueabihf.tar.gz
  f44108d818d53ee7e70b44361cb3cc6841b7aecbe4fade1fa289263718620824  guix-build-56e79fe683d3/output/arm64-apple-darwin/SHA256SUMS.part
  29adfb2d575be8b5a7092b2aff888af2084ad5783bdc74ae3de4b2dd84da7a26  guix-build-56e79fe683d3/output/arm64-apple-darwin/bitcoin-56e79fe683d3-arm64-apple-darwin-unsigned.dmg
  3d7640f604bd27cb1ae47853d70378a7631aa436b5c027eae31fa06d4dd20d4a  guix-build-56e79fe683d3/output/arm64-apple-darwin/bitcoin-56e79fe683d3-arm64-apple-darwin-unsigned.tar.gz
  3f8d8fc49cf722a7a13640872762d045c14efd610fba908f0acc99a99032b903  guix-build-56e79fe683d3/output/arm64-apple-darwin/bitcoin-56e79fe683d3-arm64-apple-darwin.tar.gz
  b8df097e10e7acded8556a5681da2b0132c0d509b200792f5584c186b8dcaf24  guix-build-56e79fe683d3/output/dist-archive/bitcoin-56e79fe683d3.tar.gz
  1a605c563038107b88e8d859fa045ca3087241340264eb7125e97b3af36874db  guix-build-56e79fe683d3/output/powerpc64-linux-gnu/SHA256SUMS.part
  d10be89a816ee2f47bf778ef4aaa8a7b548403c123a4b4b3aa0470ee7b9472d2  guix-build-56e79fe683d3/output/powerpc64-linux-gnu/bitcoin-56e79fe683d3-powerpc64-linux-gnu-debug.tar.gz
  839dd079d677c87a91ccc28f6c423657d98212350d3693ae2facb92082d10c88  guix-build-56e79fe683d3/output/powerpc64-linux-gnu/bitcoin-56e79fe683d3-powerpc64-linux-gnu.tar.gz
  200d7a72a7901b6788e70aa1c6fbbe16144e9dac29beb06242a9dcfe1e88acbe  guix-build-56e79fe683d3/output/powerpc64le-linux-gnu/SHA256SUMS.part
  3d207bb57dc45f234d804a9ee615001aa28ac4b59b530a1e7d16d0a72c2ea514  guix-build-56e79fe683d3/output/powerpc64le-linux-gnu/bitcoin-56e79fe683d3-powerpc64le-linux-gnu-debug.tar.gz
  16a789c98409d36bd6b69a5ca38cd8886979f50f845265dc0b005c92286a3e4f  guix-build-56e79fe683d3/output/powerpc64le-linux-gnu/bitcoin-56e79fe683d3-powerpc64le-linux-gnu.tar.gz
  e48f6fae9c2ffeb2bf02ffc073ac69648b2ce4ba87e0ad7a3a5059abf33b8ce2  guix-build-56e79fe683d3/output/riscv64-linux-gnu/SHA256SUMS.part
  fa8d66af5f202e0c8968114af4dcd6d88099eb91d197dfaaa0144f8ae6b12f4a  guix-build-56e79fe683d3/output/riscv64-linux-gnu/bitcoin-56e79fe683d3-riscv64-linux-gnu-debug.tar.gz
  86cffa62687f4272c899897ff6c1a86e1a7bdbbb7ab09a085b7b1122d3a1f1b2  guix-build-56e79fe683d3/output/riscv64-linux-gnu/bitcoin-56e79fe683d3-riscv64-linux-gnu.tar.gz
  e42a7c33da6ea4be5d0826df097bdc7e919c9fd6642e7d59fe3d45a97d9009fa  guix-build-56e79fe683d3/output/x86_64-apple-darwin/SHA256SUMS.part
  2f9faa88fa0025b9bfade83177b1f50833dc6c3be1ef26c4d5881aa165bcc537  guix-build-56e79fe683d3/output/x86_64-apple-darwin/bitcoin-56e79fe683d3-x86_64-apple-darwin-unsigned.dmg
  fdfe560968c85500dc886d4e12b851cd27a76de860b8cbf1fb6aac95ccd0582e  guix-build-56e79fe683d3/output/x86_64-apple-darwin/bitcoin-56e79fe683d3-x86_64-apple-darwin-unsigned.tar.gz
  c3c75560befd72a9f13f5626ddf39c63ad25fb9753a4d941e48830b7e06f143e  guix-build-56e79fe683d3/output/x86_64-apple-darwin/bitcoin-56e79fe683d3-x86_64-apple-darwin.tar.gz
  38100946ec1469fdd31aa8ea9e471b317dc278c298c106289c119016c2c0caa0  guix-build-56e79fe683d3/output/x86_64-linux-gnu/SHA256SUMS.part
  67890771aad89dc0d20b8dcdc6b29bd838ace310e8bcbbc0d16d7afc87d3a474  guix-build-56e79fe683d3/output/x86_64-linux-gnu/bitcoin-56e79fe683d3-x86_64-linux-gnu-debug.tar.gz
  a9772b40c8b9d3c1a0bf9c9db2a60050415bf6a9bd4a19cfd8a038f4a1e712e3  guix-build-56e79fe683d3/output/x86_64-linux-gnu/bitcoin-56e79fe683d3-x86_64-linux-gnu.tar.gz
  01da0561f2c3a268c28615b1573dfdecb6346bf3f8eba7a052488191234ac1d6  guix-build-56e79fe683d3/output/x86_64-w64-mingw32/SHA256SUMS.part
  71324ac0f6fc8163e41031b2fd2d38d2e15bfd5ef4efe4cb45d7974fad474394  guix-build-56e79fe683d3/output/x86_64-w64-mingw32/bitcoin-56e79fe683d3-win64-debug.zip
  219b58281d3c79b2ed7e9085b1e15d7e021fd3899ef07a6ad747058b43d64443  guix-build-56e79fe683d3/output/x86_64-w64-mingw32/bitcoin-56e79fe683d3-win64-setup-unsigned.exe
  fe838d32587c2f942fcd9f9a0b3735611b686a867e2d2040cf3a8aa6a43d09fe  guix-build-56e79fe683d3/output/x86_64-w64-mingw32/bitcoin-56e79fe683d3-win64-unsigned.tar.gz
  13b537217a13293b93afd7c588b3733955c3188f79a3249b363fb4e885b74b32  guix-build-56e79fe683d3/output/x86_64-w64-mingw32/bitcoin-56e79fe683d3-win64.zip
  ```

  Guix Build (arm64):
  ```bash
  e590e67d2b151e7d079f50393c61cacf9e65f5e3fdddc10bffd5dbb59cd9f5e3  guix-build-56e79fe683d3/output/aarch64-linux-gnu/SHA256SUMS.part
  9222a733209dc73168722ee0f290831d1723f7ed55abc1e243dd3892ef9733f1  guix-build-56e79fe683d3/output/aarch64-linux-gnu/bitcoin-56e79fe683d3-aarch64-linux-gnu-debug.tar.gz
  a4ec01411195412e9a483397554d98b2db161a6be8aceee2dac78f0015f2a8e5  guix-build-56e79fe683d3/output/aarch64-linux-gnu/bitcoin-56e79fe683d3-aarch64-linux-gnu.tar.gz
  a4ff8f2538c1b3a63a3e7c92699c18164b2c4954ebd72c4a854bf7844e6131b6  guix-build-56e79fe683d3/output/arm-linux-gnueabihf/SHA256SUMS.part
  ac6e4dffcf6f49dac73d3677f3fe5edb08ee1127648bc7ec24b217f48a3a4d21  guix-build-56e79fe683d3/output/arm-linux-gnueabihf/bitcoin-56e79fe683d3-arm-linux-gnueabihf-debug.tar.gz
  ab26467fce9732596b1713179618eee20c2bd44875dc1c39f9afd68f135e8ce4  guix-build-56e79fe683d3/output/arm-linux-gnueabihf/bitcoin-56e79fe683d3-arm-linux-gnueabihf.tar.gz
  f44108d818d53ee7e70b44361cb3cc6841b7aecbe4fade1fa289263718620824  guix-build-56e79fe683d3/output/arm64-apple-darwin/SHA256SUMS.part
  29adfb2d575be8b5a7092b2aff888af2084ad5783bdc74ae3de4b2dd84da7a26  guix-build-56e79fe683d3/output/arm64-apple-darwin/bitcoin-56e79fe683d3-arm64-apple-darwin-unsigned.dmg
  3d7640f604bd27cb1ae47853d70378a7631aa436b5c027eae31fa06d4dd20d4a  guix-build-56e79fe683d3/output/arm64-apple-darwin/bitcoin-56e79fe683d3-arm64-apple-darwin-unsigned.tar.gz
  3f8d8fc49cf722a7a13640872762d045c14efd610fba908f0acc99a99032b903  guix-build-56e79fe683d3/output/arm64-apple-darwin/bitcoin-56e79fe683d3-arm64-apple-darwin.tar.gz
  b8df097e10e7acded8556a5681da2b0132c0d509b200792f5584c186b8dcaf24  guix-build-56e79fe683d3/output/dist-archive/bitcoin-56e79fe683d3.tar.gz
  1a605c563038107b88e8d859fa045ca3087241340264eb7125e97b3af36874db  guix-build-56e79fe683d3/output/powerpc64-linux-gnu/SHA256SUMS.part
  d10be89a816ee2f47bf778ef4aaa8a7b548403c123a4b4b3aa0470ee7b9472d2  guix-build-56e79fe683d3/output/powerpc64-linux-gnu/bitcoin-56e79fe683d3-powerpc64-linux-gnu-debug.tar.gz
  839dd079d677c87a91ccc28f6c423657d98212350d3693ae2facb92082d10c88  guix-build-56e79fe683d3/output/powerpc64-linux-gnu/bitcoin-56e79fe683d3-powerpc64-linux-gnu.tar.gz
  200d7a72a7901b6788e70aa1c6fbbe16144e9dac29beb06242a9dcfe1e88acbe  guix-build-56e79fe683d3/output/powerpc64le-linux-gnu/SHA256SUMS.part
  3d207bb57dc45f234d804a9ee615001aa28ac4b59b530a1e7d16d0a72c2ea514  guix-build-56e79fe683d3/output/powerpc64le-linux-gnu/bitcoin-56e79fe683d3-powerpc64le-linux-gnu-debug.tar.gz
  16a789c98409d36bd6b69a5ca38cd8886979f50f845265dc0b005c92286a3e4f  guix-build-56e79fe683d3/output/powerpc64le-linux-gnu/bitcoin-56e79fe683d3-powerpc64le-linux-gnu.tar.gz
  e48f6fae9c2ffeb2bf02ffc073ac69648b2ce4ba87e0ad7a3a5059abf33b8ce2  guix-build-56e79fe683d3/output/riscv64-linux-gnu/SHA256SUMS.part
  fa8d66af5f202e0c8968114af4dcd6d88099eb91d197dfaaa0144f8ae6b12f4a  guix-build-56e79fe683d3/output/riscv64-linux-gnu/bitcoin-56e79fe683d3-riscv64-linux-gnu-debug.tar.gz
  86cffa62687f4272c899897ff6c1a86e1a7bdbbb7ab09a085b7b1122d3a1f1b2  guix-build-56e79fe683d3/output/riscv64-linux-gnu/bitcoin-56e79fe683d3-riscv64-linux-gnu.tar.gz
  e42a7c33da6ea4be5d0826df097bdc7e919c9fd6642e7d59fe3d45a97d9009fa  guix-build-56e79fe683d3/output/x86_64-apple-darwin/SHA256SUMS.part
  2f9faa88fa0025b9bfade83177b1f50833dc6c3be1ef26c4d5881aa165bcc537  guix-build-56e79fe683d3/output/x86_64-apple-darwin/bitcoin-56e79fe683d3-x86_64-apple-darwin-unsigned.dmg
  fdfe560968c85500dc886d4e12b851cd27a76de860b8cbf1fb6aac95ccd0582e  guix-build-56e79fe683d3/output/x86_64-apple-darwin/bitcoin-56e79fe683d3-x86_64-apple-darwin-unsigned.tar.gz
  c3c75560befd72a9f13f5626ddf39c63ad25fb9753a4d941e48830b7e06f143e  guix-build-56e79fe683d3/output/x86_64-apple-darwin/bitcoin-56e79fe683d3-x86_64-apple-darwin.tar.gz
  38100946ec1469fdd31aa8ea9e471b317dc278c298c106289c119016c2c0caa0  guix-build-56e79fe683d3/output/x86_64-linux-gnu/SHA256SUMS.part
  67890771aad89dc0d20b8dcdc6b29bd838ace310e8bcbbc0d16d7afc87d3a474  guix-build-56e79fe683d3/output/x86_64-linux-gnu/bitcoin-56e79fe683d3-x86_64-linux-gnu-debug.tar.gz
  a9772b40c8b9d3c1a0bf9c9db2a60050415bf6a9bd4a19cfd8a038f4a1e712e3  guix-build-56e79fe683d3/output/x86_64-linux-gnu/bitcoin-56e79fe683d3-x86_64-linux-gnu.tar.gz
  01da0561f2c3a268c28615b1573dfdecb6346bf3f8eba7a052488191234ac1d6  guix-build-56e79fe683d3/output/x86_64-w64-mingw32/SHA256SUMS.part
  71324ac0f6fc8163e41031b2fd2d38d2e15bfd5ef4efe4cb45d7974fad474394  guix-build-56e79fe683d3/output/x86_64-w64-mingw32/bitcoin-56e79fe683d3-win64-debug.zip
  219b58281d3c79b2ed7e9085b1e15d7e021fd3899ef07a6ad747058b43d64443  guix-build-56e79fe683d3/output/x86_64-w64-mingw32/bitcoin-56e79fe683d3-win64-setup-unsigned.exe
  fe838d32587c2f942fcd9f9a0b3735611b686a867e2d2040cf3a8aa6a43d09fe  guix-build-56e79fe683d3/output/x86_64-w64-mingw32/bitcoin-56e79fe683d3-win64-unsigned.tar.gz
  13b537217a13293b93afd7c588b3733955c3188f79a3249b363fb4e885b74b32  guix-build-56e79fe683d3/output/x86_64-w64-mingw32/bitcoin-56e79fe683d3-win64.zip
  ```

ACKs for top commit:
  hebasto:
    ACK 56e79fe683d36c1944e52326fae3bcc4cb7deec7

Tree-SHA512: 628ab6cda80069ad277107639bef21b44a8417198862e9ec89b45a2c41741d29aeb79aa58c5a90283fb96cf707494ae948ac790abde809bb18c86b14af999200
2023-04-16 12:07:09 -05:00
Konstantin Akimov
559190fb27 docs: dashification of guix 2023-04-15 12:13:27 -05:00
fanquake
caeab86593 Merge bitcoin/bitcoin#24215: [22.x] guix: ignore additional failing certvalidator test
b7ecef1ddf0c9f1f53ab220bee2e19a6b8978e34 guix: ignore additioanl failing certvalidator test (fanquake)

Pull request description:

  Backports 8588591965 from #24057 so that from-scratch Guix builds for the Darwin host aren't broken due to a (very recently) expired certificate causing one of the python-certvalidator tests to fail. Kept separate from #23276 because that hasn't gotten review attention, and I don't think we should leave `22.x` Darwin Guix builds broken for any longer than we have to.

  Fixes #24110.

  ```bash
  ======================================================================
  ERROR: test_revocation_mode_soft (tests.test_validate.ValidateTests)
  ----------------------------------------------------------------------
  Traceback (most recent call last):
    File "/tmp/guix-build-python-certvalidator-0.1-1.e5bdb4b.drv-0/source/tests/test_validate.py", line 85, in test_revocation_mode_soft
      validate_path(context, path)
    File "/tmp/guix-build-python-certvalidator-0.1-1.e5bdb4b.drv-0/source/tests/../certvalidator/validate.py", line 50, in validate_path
      return _validate_path(validation_context, path)
    File "/tmp/guix-build-python-certvalidator-0.1-1.e5bdb4b.drv-0/source/tests/../certvalidator/validate.py", line 358, in _validate_path
      raise PathValidationError(pretty_message(
  certvalidator.errors.PathValidationError: The path could not be validated because the end-entity certificate expired 2022-01-14 12:00:00Z
  ```

  Guix Build:
  ```bash
  bash-5.1# find guix-build-$(git rev-parse --short=12 HEAD)/output/ -type f -print0 | env LC_ALL=C sort -z | xargs -r0 sha256sum
  359755bffecc64b4c005c5cdee3824190f6b1759dbc6c20034476dcc06413959  guix-build-b7ecef1ddf0c/output/dist-archive/bitcoin-b7ecef1ddf0c.tar.gz
  0c6700270ec75991d70a97cad77e22cc00553f812edb56c1bac5ef6421f963e1  guix-build-b7ecef1ddf0c/output/x86_64-apple-darwin/SHA256SUMS.part
  87d4637a87959a304422550edf87feda3953d7305894154a6a2d413cc0dd2034  guix-build-b7ecef1ddf0c/output/x86_64-apple-darwin/bitcoin-b7ecef1ddf0c-osx-unsigned.dmg
  9cabae32689bd5f93e7faaaf341827f1c4069a63ab6f74276564e47819343b6c  guix-build-b7ecef1ddf0c/output/x86_64-apple-darwin/bitcoin-b7ecef1ddf0c-osx-unsigned.tar.gz
  bb5fb113bc022a305e49783d0ba48be90aca61e4a942beeb45206dbc5b91ca6e  guix-build-b7ecef1ddf0c/output/x86_64-apple-darwin/bitcoin-b7ecef1ddf0c-x86_64-apple-darwin.tar.gz
  ```

ACKs for top commit:
  MarcoFalke:
    Concept ACK b7ecef1ddf0c9f1f53ab220bee2e19a6b8978e34

Tree-SHA512: 8f761fece405b3b974b9f42ab4ebf8995d3284ce7bfb0556ff8459e1a7d30f8bd2f407cb5651e9fa1094c493148bba7a8918a251b54a83efe12acfaf3d39f350
2023-03-26 16:50:26 -05:00
fanquake
cee464caa3 Merge bitcoin/bitcoin#22465: guix: Pin kernel-header version, time-machine to upstream 1.3.0 commit
e6a94d44469f90f4dc88a07a5a8587730811c705 guix: Bump to version-1.3.0 from upstream (Carl Dong)
90fd13b954a364963f58e6cd12962c6f1986f79b guix: Pin kernel header version (Carl Dong)

Pull request description:

  ```
  - Use 4.19 for riscv64 (earliest LTS release w/ riscv64 support)
  - Use 4.9 for all others (second-oldest LTS release, released in
    combination with glibc glibc 2.24 in Debian stretch)
  ```

  ```
  The chosen commit is the HEAD of Guix's version-1.3.0 branch as of July
  15th, 2021.

  Also fix visual indenting.
  ```

  -----

  This + the documentation PR should make our Guix system ready for release!

ACKs for top commit:
  MarcoFalke:
    review ACK e6a94d44469f90f4dc88a07a5a8587730811c705 to change to vanilla guix. Did not review the kernel change.
  laanwj:
    ACK e6a94d44469f90f4dc88a07a5a8587730811c705
  fanquake:
    ACK e6a94d44469f90f4dc88a07a5a8587730811c705

Tree-SHA512: a175e4ddb3ee786a39f5e800ce336932ad2f6797a3a28400a6f723875d0f19833fd36cedc41b3580e4604110517211bd9f557be36adf7265fd8e591c434ae032
2023-03-26 16:50:26 -05:00
fanquake
7084e52141 Merge bitcoin/bitcoin#22365: guix: Avoid relying on newer symbols by rebasing our cross toolchains on older glibcs
647f7e5f1da1089d451f3c431efc635b8e87b064 guix: Also sort SHA256SUMS.part (Carl Dong)
dc4137a60c99979b89f75d2bddba96d043f387b8 guix: Build depends/qt with our platform definition (Carl Dong)
16b0a936e15b81710755303e11ef51f608b61475 guix: Rebase toolchain on glibc 2.24 (2.27 for riscv64) (Carl Dong)

Pull request description:

  After this PR, we'll have the following:
  - riscv64 -> build with a toolchain targeting glibc 2.27
  - everything else -> builds with a toolchain targeting glibc 2.24, but will not have symbols > 2.17 (checked by `symbol-check.py`)

ACKs for top commit:
  achow101:
    reACK 647f7e5f1da1089d451f3c431efc635b8e87b064
  hebasto:
    ACK 647f7e5f1da1089d451f3c431efc635b8e87b064
  MarcoFalke:
    review ACK 647f7e5f1da1089d451f3c431efc635b8e87b064
  fanquake:
    ACK 647f7e5f1da1089d451f3c431efc635b8e87b064 - documentation can be fixed shortly.

Tree-SHA512: ddff57a5d7c053687b0a273720d4ad7d28c6fc8816226d4304869284d017af5e3630d4b57565d91e74f2e1b7583c9c83ee8b2e5e70e41d619ab618e602c97a94
2023-03-26 16:50:26 -05:00
fanquake
56d2bc249b Merge bitcoin/bitcoin#22182: guix: Overhaul how guix-{attest,verify} works and hierarchy
e2c40a4ed5272d72fea997bd936fba28bb753226 guix-attest: Error out if SHA256SUMS is unexpected (Carl Dong)
4cc35daed557f38b080360a89036b2e97a6f78c2 Rewrite guix-{attest,verify} for new hier (Carl Dong)
28a9c9b83924f585b397f0f3b8e9e73780ac0ad6 Make SHA256SUMS fragment right after build (Carl Dong)

Pull request description:

  Based on:  #22075
  Code reviewers: I recommend reading the new `guix-{attest,verify}` files instead of trying to read the diff

  The following changes resolve many usability improvements which were pointed out to me:
  1. Some maintainers like to extract their "uncodesigned tarball" inside the `output/` directory, resulting in the older `guix-attest` mistakenly attesting to the extracted contents
  2. Maintainers whose GPG keys reside on an external smartcard often need to physically interact with the smartcard as a way to approve the signing operation, having one signature per platform means a lot of fidgeting
  3. Maintainers wishing to sign on a separate machine now has the option of transferring only a subtree of `output/`, namely `output/*/SHA256SUMS.part`, in order to perform a signature (you may need to specify an `$OUTDIR_BASE` env var)
  4. An `all.SHA256SUMS` file should be usable as the base `SHA256SUMS` in bitcoin core torrents and on the release server.

  For those who sign on an separate machine than the one you do builds on, the following steps will work:
  1. `env GUIX_SIGS_REPO=/home/achow101/guix.sigs SIGNER=achow101 NO_SIGN=1 ./contrib/guix/guix-attest`
  2. Copy `/home/achow101/guix.sigs/<tag>/achow101` (which does not yet have signatures) to signing machine
  3. Sign the `SHA256SUMS` files:
      ```bash
      for i in "<path-to-achow101>/*.SHA256SUMS"; do
          gpg --detach-sign --local-user "<your-key-here>" --armor --output "$i"{.asc,}
      done
      ```
  5. Upload `<path-to-achow101>` (now with signatures) to `guix.sigs`

  -----

  After this change, output directories will now include a `SHA256SUMS.part` fragment, created immediately after a successful build:
  ```
  output
  └── x86_64-w64-mingw32
      ├── bitcoin-4e069f7589da-win64-debug.zip
      ├── bitcoin-4e069f7589da-win64-setup-unsigned.exe
      ├── bitcoin-4e069f7589da-win64.zip
      ├── bitcoin-4e069f7589da-win-unsigned.tar.gz
      └── SHA256SUMS.part
  ```

  These `SHA256SUMS.part` fragments look something like:
  ```
  3ebd7262b1a0a5bb757fef1f70e7e14033c70f98c059bc4dbfee5d1992b25825  dist-archive/bitcoin-4e069f7589da.tar.gz
  def2e7d3de5ab3e3f955344e75151df4f33713f9101f5295bd13c9375bdf633b  x86_64-w64-mingw32/bitcoin-4e069f7589da-win64-debug.zip
  643049fe3ee4a4e83a1739607e67b11b7c9b1a66208a6f35a9ff634ba795500e  x86_64-w64-mingw32/bitcoin-4e069f7589da-win64-setup-unsigned.exe
  a247a1ccec0ccc2e138c648284bd01f6a761f2d8d6d07d91b5b4a6670ec3f288  x86_64-w64-mingw32/bitcoin-4e069f7589da-win-unsigned.tar.gz
  fab76a836dcc592e39c04fd2396696633fb6eb56e39ecbf6c909bd173ed4280c  x86_64-w64-mingw32/bitcoin-4e069f7589da-win64.zip
  ```

  Meaning that they are valid `SHA256SUMS` files when `sha256sum --check`'d at the `guix-build-*/output` directory level

  When `guix-attest` is invoked, these `SHA256SUMS.part` files are combined and sorted (by `-k2`, `LC_ALL=C`) to create:

  1. `noncodesigned.SHA256SUMS` for a manifest of all non-codesigned outputs, and
  3. `all.SHA256SUMS` for a manifest of all outputs including non-codesigned outputs

  Then both files are signed, resulting in the following `guix.sigs` hierarchy:
  ```
  4e069f7589da/
  └── dongcarl
      ├── all.SHA256SUMS
      ├── all.SHA256SUMS.asc
      ├── noncodesigned.SHA256SUMS
      └── noncodesigned.SHA256SUMS.asc
  ```

ACKs for top commit:
  achow101:
    ACK e2c40a4ed5272d72fea997bd936fba28bb753226
  hebasto:
    ACK e2c40a4ed5272d72fea997bd936fba28bb753226, tested on Linux Mint 20.1 (x86_64) with and w/o `NO_SIGN=1`. Changes in `contrib/guix/libexec/codesign.sh` and `contrib/guix/guix-verify` are reviewed only.

Tree-SHA512: 618aacefb0eb6595735a9ab6a98ea6598fce65f9ccf33fa1e7ef93bf140c0f6cfc16e34870c6aa3e4777dd3f004b92a82a994141879870141742df948ec59c1f
2023-03-26 16:50:26 -05:00
fanquake
7297abfcaf Merge bitcoin/bitcoin#22190: Use latest signapple commit
683d197970a533690ca1bd4d06d021900e87cb8b Use latest signapple commit (Andrew Chow)

Pull request description:

  Update gitian and guix to use the same latest signapple commit.

  Also changed guix to use the actual repo. The changes from the fork were incorporated upstream.

ACKs for top commit:
  fanquake:
    ACK 683d197970a533690ca1bd4d06d021900e87cb8b - sanity checked that the updated package is built:

Tree-SHA512: a4981f8bbe33e6c5654632bc9b9f6f2f1e675741a19ac7296205e370f1e64a747101ecb632e0cc82a0134e4c2e9ce47b3f7b4d8c8f75f0f06dd069c078303759
2023-03-26 16:50:26 -05:00
W. J. van der Laan
033e30de8b Merge bitcoin/bitcoin#21239: guix: Add codesignature attachment support for osx+win
ee883201cf134952284632e9e9ae72bf1c8c792f guix: repro: Sort find output in libtool for gcc-8 (Carl Dong)
ee0a67c32a8861eab650bf8894af06807578eba0 codesigning: Use SHA256 as digest for osslsigncode (Windows) (Carl Dong)
38eb91eb0616ed6dbe34c23e11588d130fef07f8 guix: Add codesigning functionality (Carl Dong)
bac2690e6f683fcedb883fe1d32f3c33c628a141 guix: Package codesigning tools (Carl Dong)
0a2176d47767972e4cd5ed302c1dbeedece1708b guix: Reindent existing manifest.scm (Carl Dong)
c090a3e9238ba2df07875b4708e908d8dca4ed9b Makefile.am: use APP_DIST_DIR instead of hard-coding dist (Carl Dong)

Pull request description:

  This is the last PR before we reach feature-parity with the Gitian process!

  Note: I tried using the `Makefile` inside the distsrc to make the dmg instead of manually listing out the commands, but `make` seems to want to re-make a lot of other files which broke the dmg.

  The workflow looks something like this:
  1. `env [ FOO=bar... ] ./contrib/guix/guix-build` (add additional env vars as necessary)
  2. Codesigners only:
      1.  Copy `guix-build-<short-id>/output/x86_64-apple-darwin18/bitcoin-<short-id>-osx-unsigned.tar.gz` and `guix-build-<short-id>/output/x86_64-w64-mingw32/bitcoin-<short-id>-win-unsigned.tar.gz` to signing computer
      2. Codesign with `./detached-sig-create.sh` inside the tarball
      3. Upload contents of `signature-{osx,win}.tar.gz` to https://github.com/bitcoin-core/bitcoin-detached-sigs (as a new tag)
  3. Checkout new tag for `bitcoin-core/bitcoin-detached-sigs` with the detached signatures
  4. `env [ FOO=bar... ] DETACHED_SIGS_REPO=<path/to/bitcoin-detached-sigs> ./contrib/guix/guix-codesign` (modify env vars as necessary)
  5. Make sure `guix.sigs` is cloned and updated
  6. `env GUIX_SIGS_REPO=<path/to/guix.sigs> SIGNER=0x96AB007F1A7ED999=dongcarl ./contrib/guix/guix-attest` (modify env vars as necessary)
  7. Commit your new signatures and SHA256SUMS in `guix.sigs`
  8. Optionally, after there are multiple signatures in `guix.sigs`: `env GUIX_SIGS_REPO=<path/to/guix.sigs> ./contrib/guix/guix-verify`

ACKs for top commit:
  laanwj:
    Tested ACK ee883201cf134952284632e9e9ae72bf1c8c792f
  achow101:
    ACK ee883201cf134952284632e9e9ae72bf1c8c792f

Tree-SHA512: e812a07a5f19f900600c70cb9c717769ef544a6c0c12760b5558b76b6b37df863257f3dbf38b0757e6e06e334470267e94c9f2bdbc27409d6837b1a0bfc6acbc
2023-03-26 16:50:26 -05:00
W. J. van der Laan
67efaa8808 Merge bitcoin/bitcoin#21799: guix: Use gcc-8 across the board
c90f6e51094a1ba4fb2aab35b78f23b6fda645d0 guix: Consistently use gcc-8 for $HOST (Carl Dong)

Pull request description:

  Only non-base commit is the last commit: b5abb07d0d

  Right now, here's what we use in Gitian:
  - Linux: Focal's [`g++-8-<arch>-linux-gnu`](https://packages.ubuntu.com/focal/g++-8-aarch64-linux-gnu) (`8.4.0-3ubuntu1cross1`)
  - MinGW-w64: Focal's [`g++-mingw-w64`](https://packages.ubuntu.com/focal/g++-mingw-w64) (`9.3.0-7ubuntu1+22~exp1ubuntu4`)

  In Guix right now we use `gcc-9` across the board.

  I think it makes more sense to use `gcc-8` across the board, as it doesn't suffer from the `memcmp` bug, and is what debian buster (stable) does, meaning it will be well tested ([`g++-mingw-w64`](https://packages.debian.org/buster/g++-mingw-w64), [`g++-aarch64-linux-gnu`](https://packages.debian.org/buster/g++-aarch64-linux-gnu)).

  We can accomplish this somewhat easily using Guix as we have tighter control over the toolchain (see: b5abb07d0d).

  Let me know your thoughts!

ACKs for top commit:
  MarcoFalke:
    Approach ACK c90f6e51094a1ba4fb2aab35b78f23b6fda645d0, haven't reviewed
  laanwj:
    Code review ACK c90f6e51094a1ba4fb2aab35b78f23b6fda645d0
  hebasto:
    ACK c90f6e51094a1ba4fb2aab35b78f23b6fda645d0, I have reviewed the code and it looks OK, I agree it can be merged.

Tree-SHA512: 3e5b9297305232273323aa745ec417ed1be2418ead0e432db7742f5d5f45efe6e4a2ed44328731512cff4bfde80e5f2dc350a131b8b8fb9207a2ef66bce27ed2
2023-03-26 16:50:26 -05:00
fanquake
7d78f06a92 partial Merge bitcoin/bitcoin#19817: build: macOS toolchain bump
a5550f877a2c46d01bb620ae051c0c8ed0fecd0b build: use -stdlib++-isystem with Clang 10 (fanquake)
51d9d1607f2e9d593693ca799393f068192e41aa guix: use Clang 10 for the macOS cross compile (fanquake)
b80a6af9e55325d444e117e85bbfc76d88d898a8 build: no longer patch threading out of ld64 (fanquake)
c29cba44b3706e0a2035e440e560f2d15d50433b build: Xcode 12.1, macOS SDK 10.15.6 (fanquake)
9ed2f19d385aa95f65807999bba2e18417b143dc build: native cctools 973.0.1, ld64 609 (fanquake)
f48f187cce7fa43646fb0d796c244e1515e763ec build: Clang 10.0.1 (Hennadii Stepanov)
9b193cd2a3ca20917611fbed56dfbcd8a39aeab8 build: libtapi 1100.0.11 (fanquake)

Pull request description:

  Bumps our macOS toolchain to be using the following:
  * Clang 10.0.1 (gitian) & Clang 10.0.0 (Guix)
  * ld64 609
  * libtapi 1100.0.11
  * cctools  973.0.1
  * Xcode 12.1
  * macOS SDK 10.15.6

  which are currently the most recent releases available as open source. See upstream [`cctools`](https://github.com/tpoechtrager/cctools-port/commits/973.0.1-ld64-609) and [`libtapi`](https://github.com/tpoechtrager/apple-libtapi/tree/1100.0.11).

  This should improve the possibility of Apple ARM cross-compilation in depends.

  This also removes our [patching out of pthreads usage](https://github.com/bitcoin/bitcoin/blob/master/depends/patches/native_cctools/ld64_disable_threading.patch) in `ld64`. There have been multiple changes since `ld64 450.3`, which have likely fixed the non-determinism we were working around. i.e from [InputFiles.cpp](https://opensource.apple.com/source/ld64/ld64-609/src/ld/InputFiles.cpp.auto.html):
  ```cpp
  // <rdar://problem/15002251> make implicit dylib order be deterministic by sorting by install_name
  std::sort(implicitDylibs.begin(), implicitDylibs.end(), DylibByInstallNameSorter());
  ```

  ```cpp
  // <rdar://problem/42675402> ld64 output is not deterministic due to dylib processing order
  std::sort(unprocessedDylibs.begin(), unprocessedDylibs.end(), [](const ld::dylib::File* lhs, const ld::dylib::File* rhs) {
  return strcmp(lhs->path(), rhs->path()) < 0;
  });
  ```

  Guix Build:
  ```bash
  find guix-build-$(git rev-parse --short=12 HEAD)/output/ -type f -print0 | env LC_ALL=C sort -z | xargs -r0 sha256sum
  f6c3817b8fe5f7370299d1ae2533e4a3acd313ba9f9aa8d423a8956117e52dd5  guix-build-a5550f877a2c/output/dist-archive/bitcoin-a5550f877a2c.tar.gz
  4954dcf563c2d496b8d9fecd48f8e3f7fba2f319ffa254a5bc8ee12cfee6acf0  guix-build-a5550f877a2c/output/x86_64-apple-darwin18/bitcoin-a5550f877a2c-osx-unsigned.dmg
  8f6095b445c7f1a8e6accd86bb7f0696d5849402084927d2b726b7d557831c3a  guix-build-a5550f877a2c/output/x86_64-apple-darwin18/bitcoin-a5550f877a2c-osx-unsigned.tar.gz
  cc40f25477b4defc1617ae694313d80f307ddf6742fe6cc85c6bc0e215ef8be0  guix-build-a5550f877a2c/output/x86_64-apple-darwin18/bitcoin-a5550f877a2c-osx64.tar.gz
  ```

  Gitian Build:
  ```bash
  Generating report
  506a8abdefe559999b43dd9f14905b9b2b5a3363b1cd013d45ae47acc1f7ef6c  bitcoin-a5550f877a2c-osx-unsigned.dmg
  f606997f74026dd12d110d683c6f116b40df324836904ef507dd7ac787e6ebe2  bitcoin-a5550f877a2c-osx-unsigned.tar.gz
  5b495ef15f2c3260c2950921b61326912a9bf533cccd51e13818809fd225489e  bitcoin-a5550f877a2c-osx64.tar.gz
  f6c3817b8fe5f7370299d1ae2533e4a3acd313ba9f9aa8d423a8956117e52dd5  src/bitcoin-a5550f877a2c.tar.gz
  9eb0221e962d2839770963bd03c6c9e98e8bf3078566bee2ae42f06233a710fa  bitcoin-core-osx-22-res.yml
  Done.
  ```

ACKs for top commit:
  hebasto:
    ACK a5550f877a2c46d01bb620ae051c0c8ed0fecd0b

Tree-SHA512: 504c4b0f9cd3b939714a322298320c5bde07e9356a48a9a000060b36f8dce4d6134ed60c3a5188810476a28ec5b108733eabbc6fb8053231b9ea8a494cc91b12
2023-03-26 16:50:26 -05:00
W. J. van der Laan
dfd1045284 Merge #21375: guix: Misc feedback-based fixes + hier restructuring
7476b46f1893a4858616d2a8456a7c43238851ed guix: Build dmg as a static binary (Carl Dong)
06d6cf6784421290e6235fe8684d5e08ed6f1b62 depends: libdmg-hfsplus: Skip CMake RPATH patching (Carl Dong)
65176ab5730dff34466caaecdd292625ef8294fc guix: Remove codesign_allocate+pagestuff from unsigned tarball (Carl Dong)
ca85679eb43b8375a95d82101977829d08fb1e1b guix: Use clang-toolchain instead of clang (Carl Dong)
1aec0eda8fd31a57b0621eea616398017c2ead98 guix: Fallback to local build for substitute-enabled Guix users (Carl Dong)
1742f8e12d163852df09575e03edcd3db73198ee guix: Add early health check for guix-daemon (Carl Dong)
c1ae726a13ecfa5e7e9fdc3030a8110b8bb263f8 guix: More thoroughly control native toolchain (Carl Dong)
39741128d3775d198dbee34dc827353bfd18acd8 guix: Supply --link-profile (Carl Dong)
d55a1056ee565afed64e42d6f6efb6b0adc5599b guix: Add troubleshooting documentation entries (Carl Dong)
7f401c953f8bb3574cec48561e13ef3b47dedc6e guix: Adapt guix-build to prelude, restructure hier (Carl Dong)
4eccf063b252bfe256cf72d363a24cf0183e926e guix: Remove guix-build.sh filename extension (Carl Dong)
7753357a7bae98ec775c707b9dec4cea1e945802 guix: Add source-able bash prelude and utils (Carl Dong)
e5b49a01f5d0f631e7f08f86ca8a2c2b8213319f guix: Create windeploy inside distsrc-* (Carl Dong)
3e9982ab3877eb8fe0a8c0cb3d847ac0913c7336 contrib: Silence git-describe when looking for tag (Carl Dong)
d5a71e97853ea9e1b879e8c76bfb01d4bef33172 guix: Use --cores instead of --max-jobs (Carl Dong)

Pull request description:

  This PR addresses a few hiccups encountered by the brave souls who've been experimenting with the Guix scripts:
  - Resolves confusion between `--cores=` and `--max-jobs=`
    - `guix`'s `--cores=` actually corresponds to make's `--jobs=`, so let's just control `--cores=` with our overridable env var
  - `git-describe` will scream `fatal: no tag exactly matches '<hash>'` when looking for a tag, but we don't care, so silence that
  - `windeploy/unsigned` should be inside `distsrc-*` and created idempotently (sorry I know this one annoyed people)
  - Add troubleshooting documentation to `README.md`
  - Add early health check for `guix-daemon` in case user forgot to start a `guix-daemon`
  - Depending on configuration, a `--fallback` flag may be needed to tell Guix to not fail if substitutes fail but fallback to building locally
  - `codesign_allocate` and `pagestuff` are now unnecessary for codesigning as we're now using `signapple`

  A few robustness changes are also included:
  - We supply the `--link-profile` flag, as some Guix packages may expect the profile to be available under `$HOME/.guix-profile`
  - We now clear and manually set all toolchain-related env vars (e.g. `C*_INCLUDE_PATH`) ourselves, after patching a Qt::moc bug
  - We use the native `clang-toolchain` package for darwin builds instead of `clang`, lining up with all our other toolchain packages.

  Finally, we restructure the guix building hierarchy such that it looks something like:
  ```
  guix-build-<short-hash-or-version-tag>
  ├── distsrc-<short-hash-or-version-tag>-${HOST}
  │   ├── contrib
  │   ├── depends
  │   ├── src
  │   └── ...
  ├── distsrc-<short-hash-or-version-tag>-...
  └── output
      ├── dist-archive
      │   └── bitcoin-<short-hash-or-version-tag>.tar.gz
      ├── *-linux-*
      │   ├── bitcoin-<short-hash-or-version-tag>-*-linux-*-debug.tar.gz
      │   └── bitcoin-<short-hash-or-version-tag>-*-linux-*.tar.gz
      ├── x86_64-apple-darwin18
      │   ├── bitcoin-<short-hash-or-version-tag>-osx64.tar.gz
      │   ├── bitcoin-<short-hash-or-version-tag>-osx-unsigned.dmg
      │   └── bitcoin-<short-hash-or-version-tag>-osx-unsigned.tar.gz
      └── x86_64-w64-mingw32
          ├── bitcoin-<short-hash-or-version-tag>-win64-debug.zip
          ├── bitcoin-<short-hash-or-version-tag>-win64-setup-unsigned.exe
          ├── bitcoin-<short-hash-or-version-tag>-win64.zip
          └── bitcoin-<short-hash-or-version-tag>-win-unsigned.tar.gz
  ```
  Separating guix builds by their version identifier (basically namespacing them) allows us to change the layout in the future without worry about potential naming conflicts.

ACKs for top commit:
  sipa:
    ACK 7476b46f1893a4858616d2a8456a7c43238851ed
  laanwj:
    ACK 7476b46f1893a4858616d2a8456a7c43238851ed

Tree-SHA512: 0e899aa941aafdf552b2a7e8a08131ee9283180bbef7334439e2461a02aa7235ab7b9ca9c149b80fc5d0a9f4bbd35bc80fcee26197c0836ba8eaf2d86ffa0386
2023-03-26 16:50:26 -05:00
Wladimir J. van der Laan
5fda1ea15a Merge #21337: guix: Update darwin native packages dependencies
c967fb7fb97a86fc434912d0fff621f9f50dfe80 guix: Remove libcap from manifest (Hennadii Stepanov)
7bbb409314c63750a9731dedaaf6dd6ecd17d988 guix: Update darwin native packages dependencies (Hennadii Stepanov)

Pull request description:

  It is a #20470 follow up.

ACKs for top commit:
  fanquake:
    ACK c967fb7fb97a86fc434912d0fff621f9f50dfe80

Tree-SHA512: 66ce05770f578ba61a44c58747c5a2669f425a989ed987838058bd86e3b49e342ac5a4f8852fc49f2b3a86b58fb6a340fdf3e34c1fc19bdab910729febba4bc7
2023-03-26 16:50:26 -05:00